Flaws of type CWE-330
148 results

CVE-2026-45673 (MEDIUM, EPSS 0.3%): Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
CVE-2025-12787 (MEDIUM, EPSS 0.3%): Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation
CVE-2021-23020 (—, EPSS 0.3%): The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predicta
CVE-2025-66511 (MEDIUM, EPSS 0.2%): Nextcloud Calendar app used predictable proposal participant tokens
CVE-2026-34511 (MEDIUM, EPSS 0.2%): OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter
CVE-2024-42475 (MEDIUM, EPSS 0.2%): OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG
CVE-2026-7847 (LOW, EPSS 0.2%): chatchat-space Langchain-Chatchat Uploaded File openai_routes.py _get_file_id random values
CVE-2026-28415 (MEDIUM, EPSS 0.2%): Gradio has Open Redirect in OAuth Flow
CVE-2025-68704 (HIGH, EPSS 0.2%): Jervis has a Weak Random for Timing Attack Mitigation
CVE-2024-10604 (MEDIUM, EPSS 0.2%): Identifiable Header Values In Fuchsia Leading To Tracking of The User
CVE-2026-40975 (MEDIUM, EPSS 0.2%): Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} sho
CVE-2026-50009 (MEDIUM, EPSS 0.2%): Netty QUIC stateless reset token material exposed through header-visible connection IDs
CVE-2026-41207 (MEDIUM, EPSS 0.2%): netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
CVE-2021-26407 (MEDIUM, EPSS 0.2%): A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclo
CVE-2025-11723 (MEDIUM, EPSS 0.2%): Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure
CVE-2023-32831 (MEDIUM, EPSS 0.2%): In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure wi
CVE-2025-15574 (MEDIUM, EPSS 0.2%): Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection
CVE-2026-40306 (MEDIUM, EPSS 0.2%): DNN has same HostGUID for all new installs
CVE-2023-24478 (MEDIUM, EPSS 0.2%): Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux be
CVE-2026-41701 (MEDIUM, EPSS 0.2%): In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues